PivotX -- 'ajaxhelper.php' Cross Site Scripting Vulnerability

Details

VuXML ID: 0d3547ab-9b69-11e1-bdb1-525401003090
Discovery: 2012-05-09
Entry: 2012-05-12
Modified: 2012-05-14

High-Tech Bridge reports:

Input passed via the "file" GET parameter to
/pivotx/ajaxhelper.php is not properly sanitised before
being returned to the user. This can be exploited to
execute arbitrary HTML and script code in administrator's
browser session in context of the affected website.
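
For triage, the following added example (not part of the VuXML entry or the High-Tech Bridge report) scans web server access logs for requests to the path named above whose "file" parameter decodes to HTML markup characters. It assumes common/combined log format and treats any of `< > " ' `` ` `` as suspicious, which is a heuristic; the log lines are constructed samples.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

TARGET_PATH = "/pivotx/ajaxhelper.php"   # path named in the advisory
TARGET_PARAM = "file"                    # GET parameter named in the advisory

# Request line of a common/combined log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Characters that can break out of HTML text or attribute context (heuristic).
MARKUP_RE = re.compile(r"[<>\"'`]")

# Constructed sample log lines (documentation IP ranges, made-up values).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/May/2012:09:14:02 +0000] "GET /pivotx/ajaxhelper.php?file=notes.txt HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/May/2012:09:15:40 +0000] "GET /pivotx/ajaxhelper.php?file=%3Cb%3Eprobe%3C%2Fb%3E HTTP/1.1" 200 431',
    '198.51.100.7 - - [10/May/2012:09:15:44 +0000] "GET /pivotx/ajaxhelper.php?file=%253Cb%253Eprobe HTTP/1.1" 200 431',
    '203.0.113.5 - - [10/May/2012:09:16:01 +0000] "GET /index.php?file=%3Cb%3E HTTP/1.1" 404 210',
]

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly (bounded) so double-encoded input is seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    """Return (line_number, decoded_value) for each suspicious 'file' value."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        try:
            target = urlsplit(match.group(1))
        except ValueError:  # malformed request target
            continue
        if not unquote(target.path).lower().endswith(TARGET_PATH):
            continue
        query = parse_qs(target.query, keep_blank_values=True)
        for raw in query.get(TARGET_PARAM, []):
            value = decode_fully(raw)
            if MARKUP_RE.search(value):
                hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: {TARGET_PARAM}={value!r}")
```

A hit shows that markup was sent to the endpoint, not that it was rendered in an administrator's session; correlate with referrers and authenticated admin activity before drawing conclusions.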